By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Many express satisfaction with the system, but some say it's complex and too difficult to use.

"One challenge is having the time and abilities to really lay out Active Directory so it's consistent and allows you to set up group policies that work for IT as well as the users," said Mark Cardono, an IT specialist for the Shore Educational Collaborative, a Chelsea, Mass.-based special needs school serving 10 districts in Massachusetts.

Of 358 IT professionals responding to an April SearchSecurity.com survey on identity and access management, 85% said they use Microsoft for directory services, group policy and provisioning. Nearly two-thirds said Microsoft is their primary vendor for this purpose. Asked which vendors they use for authentication and authorization, 72.6% said Microsoft.

One explanation for the figures may be the sheer number of enterprises that are Windows environments. Active Directory is Microsoft's trademarked directory service, and today is an integral part of the Windows architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories.

For IT departments managing environments that are predominantly Windows-based, it makes sense from a financial and logistical standpoint to use a directory service that's already built into the operating system.

As Cardono pointed out, "Microsoft Active Directory is part of the package with no extra cost." He said budgets are tight in the education sector and that institutions "can't go out and get the latest and greatest [product] all the time."

In search of Group PolicyThe Group Policy feature in Active Directory is a critical piece of Cardono's patch management plans.

He watched a webcast on how to set up WSUS one night and found that he's not the only one struggling with Group Policy management.

"Information wasn't in a place that was intuitive and the narrator made a point of this," Cardono said, adding that he wants Active Directory to make it easier to find the right policy for specific groups.

Cardono is not alone in wanting a better handle on the program. More than 44% of respondents said a top priority this year is to better leverage Active Directory and other directory services.

Hard to useJessica Lynne Verzi, information security manager for Rochester, N.Y.-based ESL Federal Credit Union, likes that Active Directory has a feature to set domain and group policy. But that doesn't mean she finds the program any easier to use than Cardono does.

"I'm not happy with it," she said. "It's hard to fully grasp everything you can do with Active Directory." She specifically referenced her difficulty in keeping track of who has logged on, when they logged on and what they're doing.

"You have to hit the books and research too much just to figure out how to do certain things," she said. "You have to be very intimate with that product to get it to do what you need it to."

Access (out of) control?

About this special report: You've heard about the need for companies to ensure that network users are who they say they are, and that employees can only access what their jobs require. In this special report, IT professionals surveyed by SearchSecurity.com share the pain points and solutions they've experienced on the way to better and more practical ID and access management.

Inside the numbers: Access (out of) control?In April, SearchSecurity.com surveyed 358 IT professionals from a variety of industries regarding their identity and access management programs. Here is a look at some of the questions we asked and the answers they gave.

The survey results suggest IT shops are either working to make Microsoft Active Directory a better fit in their environments, or are looking to use the directory services of another vendor.

More than 85% said they're spending the same or more on directory services, while only about 14% said they're spending less or not at all. Though a vast majority said they use Microsoft Active Directory, 47% said they run multiple directories from separate vendors.

Others are satisfiedMicrosoft's system may be a thorn in the side of some IT administrators, but the survey numbers seem to indicate that a majority of users are happy with it.

More than 68% of respondents said they are either satisfied or very satisfied with their directory services, compared to only 6.28% who are not very or not at all satisfied.

Much of that satisfaction is probably directed at Microsoft, given the number of respondents who identified the company as their primary directory services vendor. For those using more than one directory, it's possible their satisfaction was directed toward one of the other vendors they use.

Brian Clark, an IT professional based in Chicago, said he's gotten Active Directory to do his bidding for the most part. In particular, he likes that the program can be used to manage the host-based firewall in Windows XP.

"The Payment Card Industry (PCI) [standard] requires that laptops have a host-based firewall installed that can't be disabled by the user," he said. "You can accomplish that via Active Directory Group Policy."

Getting helpClark's experience is with the Windows 2003 version of Active Directory. He said a lot of companies still use the Windows 2000 version, which some consider obsolete by today's standards. "I could see where they might have problems," he said.

It's well worth it. IT pro Brian Clark, on hiring a consultant to set up Active Directory,

Clark acknowledged there's a steep learning curve when it comes to figuring out Group Policy and that can be a problem for organizations lacking the internal resources to study it. At the company he most recently worked for, specialists from outside the company were brought in to help.

"We used a consultancy specializing in all things Windows," he said. "We brought them in to help us build things the way we wanted to."

By having the outside help, the company was able to broaden its use of Active Directory and it cost less than $10,000. His advice to those having trouble with Active Directory: Get the outside help.

If a company has a few thousand dollars to spare, he said, "It's well worth it."

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy